Agency-specific policies and guidelines

14.23 Agency policies and guidelines will typically be the first point of call for Commonwealth employees seeking to understand their information-handling obligations.

14.24 The guide issued for Australian Public Service (APS) employees by the Australian Public Service Commission, APS Values and Code of Conduct in Practice, advises that:

Agencies should establish clear policies and guidelines so that employees are aware of the provisions that govern the management of information. In addition, agencies may care to consider issuing directions:

  • that require APS employees to comply with agency-level protective security policies and instructions developed on the basis of the PSM;
  • to specific groups of APS employees working with particular kinds of information (for example, APS employees working on a particular tender exercise);
  • that require APS employees to seek advice if they are unsure about whether to disclose information and to keep a record of that advice if authorised to disclose information.[24]

14.25 The potential for agency policies or guidelines to operate as a ‘lawful and reasonable direction’ to an employee and thereby impose new legal obligations on employees is discussed in the following section of this chapter.

Role of agency policies and guidelines

Clarifying the application of relevant secrecy laws

14.26 A key role of agency policies and guidelines is to clarify the application of relevant secrecy laws to the information holdings of an Australian Government agency. This may promote effective information handling by Commonwealth employees, informing and instilling confidence in agency employees and others about the types of information that can be disclosed and the processes for disclosure.

14.27 For example, agency policies and guidelines can clarify the disclosures that may be reasonably likely to prejudice the ‘effective working of government’, and, accordingly, be in breach of reg 2.1 of the Public Service Regulations 1999 (Cth).[25] Some guidance in this regard is available in APS Values and Code of Conduct in Practice:

Depending on the circumstances, this restriction could cover information, such as opinions, consultation, negotiations (including about the management of a contract), incomplete research, or advice or recommendations to the Government, leading or related to, the development or implementation of the Government’s policies or programmes. …

The exemptions set out in the [Freedom of Information Act 1982 (Cth)] are a useful starting point in determining which categories of information may potentially fall within the scope of regulation 2.1.[26]

14.28 Agency policies and guidelines may also clarify the scope of exceptions to secrecy laws for disclosures made ‘in the course of an officer’s duties’—as found, for example, in reg 2.1 of the Public Service Regulations in addition to many criminal secrecy offences. The ALRC recommends a continuing role for such an exception in the context of the general secrecy offence and specific secrecy offences.[27]

14.29 In other situations, an Australian Government agency may issue a policy to deal with a specific contentious or problematic issue. This is illustrated, for example, by the ATO practice statement, Disclosure to Ministers of Information about the Affairs of Taxpayers, which clarifies the circumstances in which ATO officers can provide information about a taxpayer to a minister, including for the purpose of responding to ministerial correspondence with the individual about whom the information relates.[28]

14.30 The importance of having in place overarching information-handling policies was stressed in the 2009 report by the Commonwealth Ombudsman on the collection, storage and dissemination of information by the Australian Crime Commission (ACC), which followed a leak to the media of information that the ACC held about a minister. The Ombudsman criticised the disjointed and inconsistent nature of ACC information governance policies and recommended that:

The ACC should make the development of an overarching information governance policy a high priority. The policy needs to be coherent, take account of existing effective operational practices, be appropriately clear and concrete, balance the benefits of information sharing with the need-to-know principle, provide advice regarding access controls, outline audit functions and provide appropriate definitions and clear advice on sanctions.[29]

14.31 Because policies and guidelines reflect a broad set of information-handling laws and objectives, their requirements may appear inconsistent with those set out in related secrecy laws. In particular, tensions can arise where an agency policy imposes more restrictive information-handling obligations than required by law. This issue came into focus, for example, in hearings before the Senate Select Committee on a Certain Maritime Incident. The Committee heard evidence about the Department of Defence’s public affairs policy, which essentially required all information to be released only by the Minister’s media adviser. In its final report on the incident, the Senate Select Committee noted that:

the strictly centralised control of information through the Minister’s office … meant that Defence was unable to put out even factual information without transgressing the public affairs plan.[30]

14.32 In a submission to this Inquiry, the Commonwealth Ombudsman remarked that although information obtained for the purposes of an investigation is ‘protected by secrecy provisions in the Ombudsman Act 1976 (Cth) and other legislation’:

Agencies are sometimes reluctant to allow access to information except in accordance with their own internal security classification procedures. The Ombudsman’s office and agencies have always been able to agree upon a course of action that resolves this tension, but it can hamper speedy investigation. It is an issue that warrants broader consideration.[31]

14.33 In comparison, an agency may seek to lessen legislative standards of secrecy by seeking to expand, through policy documents, an exception to secrecy laws for conduct in the course of an officer’s duties. This issue was considered by the Australian Government Solicitor (AGS) in its advice to the ATO on the secrecy provision in s 16 of the Income Tax Assessment Act 1936 (Cth), which includes an exception for conduct in ‘the performance of the person’s duties as an officer’:

On an ordinary interpretation of the phrase ‘duties’, one might come to the conclusion that it includes all functions a person undertakes consistently with direction from their superiors. The caselaw considering this phrase has interpreted it broadly. However, there are limitations to the duties that are contemplated by s 16. …

In our view, a person’s duties under s 16(2A) cannot include policy obligations imposed by a Minister by way of a policy document such as the Fraud Control Guidelines or the Commonwealth Prosecutions Policy. If an officer’s duties could extend so far, nothing would prevent the Executive from circumventing a restriction set down by Parliament (the secrecy provisions) simply by making a policy permitting disclosure in the desired circumstances. Parliament, in enacting s 16, could not have intended that future governments would be able to widen the circumstances in which information could be disclosed simply by issuing a policy document.[32]

Transparency

14.34 Some stakeholders in submissions in response to the Issues Paper, Review of Secrecy Laws (IP 34),[33] remarked on the potential role of agency policies and guidelines in assisting members of the public to understand the standard of openness that they should expect from government.[34] The Australian Press Council noted, for example, that this would facilitate actions for judicial review and ‘enable citizens to develop an understanding of the extent and character of secrecy processes’.[35] It further submitted that:

any regulatory mechanisms that define the duty of officers to keep information confidential should be contained in legislation that is subject to parliamentary scrutiny, not in subordinate legislation … It is not appropriate that governments can extend or alter the level of secrecy, which officers are obligated to administer, without having to justify the change to the elected representatives of the Australian people.[36]

Approach in Discussion Paper

14.35 In the Discussion Paper, Review of Secrecy Laws (DP 74), the ALRC proposed that Australian Government agencies should develop and implement policies clarifying the application of relevant secrecy laws and other information-handling obligations to their information holdings, including, at a minimum, information about:

  • the types of information that an employee can lawfully disclose in the performance of his or her duties;
  • the types of information for which an employee must obtain authority for disclosure;
  • the circumstances in which the unauthorised handling of information could result in disciplinary action;
  • the circumstances in which the unauthorised handling of information could lead to criminal proceedings; and
  • avenues for an employee to raise queries or concerns, including the process by which he or she can make a public interest disclosure.[37]

14.36 In formulating this proposal, the ALRC distinguished the role of policies and guidelines in clarifying the application of secrecy laws and other information-handling obligations from that of imposing new and different legal requirements. The ALRC expressed the view that if agency information-handling policies are drafted correctly, they will normally set out a level of secrecy equivalent to that set out in related Commonwealth secrecy laws. In certain circumstances, however, other legal requirements—for example, a requirement for information to be accurate—may justify an agency imposing a different level of secrecy. To be characterised as clarification, these discrepancies must be justified on the basis of other legal requirements.

14.37 The ALRC also noted the public information role of agency policies and guidelines and, to this end, proposed that—save in certain exceptional cases where it would be unreasonable or impractical—Australian Government agencies should make their information-handling policies publicly available.[38]

Submissions and consultations

Clarifying the application of relevant secrecy laws

14.38 A number of stakeholders supported the ALRC’s proposal that Australian Government agencies should develop policies that clarify the application of relevant secrecy laws to their information holdings, including baseline requirements for information that must be included in these policies.[39]

14.39 The Community and Public Sector Union (CPSU) and CLA supported the development and implementation of information-handling policies, but remained concerned about the potential for agencies to impose secrecy requirements in addition to those imposed by secrecy provisions as a part of their information-handling policies.[40] As expressed by the CPSU:

Allowing an agency to make Commonwealth information not otherwise subject to secrecy provisions nonetheless secret by operation of agency policy and the requirement of APS employees to follow such policies is contrary to the principle of open and accountable government. All agency information handling policies should be reviewed and audited to ensure they conform to the necessary legislative standards and the Federal Government’s stated position on openness in government.[41]

14.40 A similar position was taken by the Public Interest Advocacy Centre in its submission in response to IP 34, which commented that, if agency policies purported to impose higher levels of secrecy than those that arise under Commonwealth secrecy laws, the agency should have to make out a ‘convincing case’ to justify them.[42]

Transparency

14.41 CLA expressed ‘strong support’ for Australian Government agencies making their information-handling policies publicly available, other than in exceptional cases:

Promoting a culture of openness requires that those who handle protected information know and understand the philosophy of open and accessible government, transparency and accountability, the application of secrecy laws and the interoperation of FOI. The agency policies on information handling and disclosure should be known and understood not just by those who handle protected information, but by the public. The policies should be made public, reviewed with public input, and then regularly re-assessed on a three-to-five year review cycle.[43]

14.42 Other stakeholders that commented on this proposal also expressed support.[44] The Australian Press Council agreed that ‘where guidelines are issued to public officers to help them make appropriate assessments as to secrecy, those same guidelines should be available to the public’.[45]

ALRC’s views

Clarifying the application of relevant secrecy laws

14.43 Agency information-handling policies, including detailed guidelines, play an integral role in clarifying the application of secrecy laws and other information-handling obligations for Commonwealth officers and others who handle Commonwealth information. In the ALRC’s view, a baseline amount of information must be included in order for information-handling policies to perform this role. In particular, policies should clearly set out:

  • the types of information that an employee can lawfully disclose in the performance of his or her duties;
  • the types of information for which an employee must obtain authority for disclosure;
  • the circumstances in which the unauthorised handling of information could result in disciplinary action; and
  • the circumstances in which the unauthorised handling of information could lead to criminal proceedings.

14.44 ‘Types’ of information in this context could include, for example, a particular kind of information—such as personal or security classified information—or information collected for a particular purpose—such as to administer a particular Act.

14.45 In Chapters 12 and 15, respectively, the ALRC recommends that agency information-handling policies should clarify the manner in which an agency will apply administrative penalties for breaches of secrecy provisions[46] and the avenues available to Commonwealth officers to raise queries or concerns.[47]

14.46 Agency policies along these lines can help foster effective information-handling practices by Commonwealth officers and others in a number of ways. First, they give an unambiguous guide to situations when disclosing Commonwealth information will be unlawful, thereby minimising unintended breaches. Secondly, information about the potential consequences of unauthorised disclosure of Commonwealth information can reinforce the deterrent effect of criminal sanctions and administrative penalties, thereby lessening intentional breaches. Finally, instilling a greater confidence in Commonwealth officers about situations where disclosing information is lawful can promote the timely sharing of Commonwealth information in appropriate circumstances.

14.47 If agency information-handling policies are drafted appropriately, the level of secrecy imposed under the policy will normally be consistent with that set out in related Commonwealth secrecy laws. However, in certain circumstances, a narrower construction may be justified on the basis of other legal requirements, such as the release of accurate information and the apolitical conduct of employees. In these circumstances, the agency should clearly set out the objectives upon which it relies to justify the discrepancy.

14.48 The ALRC agrees with the CPSU about the imperative of independent oversight of agency policies and guidelines. This is especially important in light of the possibility that the level of secrecy set out in these policies may differ—or appear to differ—from legislative secrecy requirements. In Chapter 15, the ALRC discusses the role of the proposed Information Commissioner in overseeing the application and enforcement by Australian Government agencies of secrecy obligations. In the ALRC’s view, it would be consistent with this role for the proposed Commissioner to review and monitor the information-handling policies of agencies.[48]

Transparency

14.49 Save in exceptional circumstances, Australian Government agencies should publish their information-handling policies. The public release of government policies provides members of the public with a better understanding of the standard of openness that they should expect from Australian Government agencies. A greater degree of transparency in the day-to-day operation of secrecy laws also keeps the Australian Government accountable to the public on its information-sharing processes.

14.50 Making Australian Government information-handling policies publicly available is consistent with the objective in the Freedom of Information Act 1982 (Cth) of

making available to the public information about the operations of departments and public authorities and, in particular, ensuring that rules and practices affecting members of the public in their dealings with departments and public authorities are readily available to persons affected by those rules and practices.[49]

14.51 The need for public availability of government information is stressed even more strongly in the revised objects clause of the Exposure Draft of the Freedom of Information Amendment (Reform) Bill 2009 (Cth):

(1) The objects of this Act are to give the Australian community access to information held by the Government of the Commonwealth, by:

  1. requiring agencies to publish the information; and
  2. providing for a right of access to documents.

(2) The Parliament intends, by these objects, to promote Australia’s representative democracy by contributing towards the following:

  1. increasing public participation in Government processes, with a view to promoting better-informed decision-making;
  2. increasing scrutiny, discussion, comment and review of the Government’s activities.[50]

14.52 In the ALRC’s view, the vast majority of Australian Government information-handling policies should be publicly available. However, there may be exceptional cases where it would not be reasonable to publish information on the disclosure protocols of Australian Government agencies. For example, it may be that public knowledge of the information holdings of an intelligence agency, or its patterns of information sharing, could impede the agency’s national security functions. The ALRC recommends an exception from the general requirement of public release of information-handling protocols where such release would be ‘unreasonable or impractical’.

14.53 In Chapter 15, the ALRC recommends a role for the proposed Information Commissioner in reviewing, and reporting to the responsible Minister on, the information-handling policies developed by agencies.[51] In that context, the Information Commissioner may provide advice on the circumstances in which it may not be reasonable for a policy, or part of a policy, to be published.

Recommendation 14–1 Australian Government agencies should develop and implement policies clarifying the application of relevant secrecy laws to their information holdings. These policies should include:

  1. the types of information that an employee can lawfully disclose in the performance of his or her duties;
  2. the types of information for which an employee must obtain authority for disclosure;
  3. the circumstances in which the unauthorised handling of information could lead to disciplinary action; and
  4. the circumstances in which the unauthorised handling of information could lead to criminal prosecution.

Recommendation 14–2 Australian Government agencies should make their information-handling policies publicly available, save in certain exceptional cases where this would be unreasonable or impractical.

[24] Australian Public Service Commission, APS Values and Code of Conduct in Practice (2005) <www.apsc.gov.au> at 30 November 2009, Ch 3.

[25] In Ch 12, the ALRC makes a number of recommendations for reform of reg 2.1.

[26] Australian Public Service Commission, APS Values and Code of Conduct in Practice (2005) <www.apsc.gov.au> at 30 November 2009.

[27] Recommendations 7–1, 10–2.

[28] Australian Taxation Office, ATO Practice Statement Law Administration: Disclosure to Ministers about the Affairs of Taxpayers, PS LA 2004/9 (2004).

[29] Commonwealth Ombudsman, Australian Crime Commission: Review of the Collection, Storage and Dissemination of Information, Report No 15 (2009), Rec 1.

[30] Parliament of Australia—Senate Select Committee on a Certain Maritime Incident, Majority Report (2002), [2.53].

[31] Commonwealth Ombudsman, Submission SR 20, 19 February 2009.

[32] D Boucher, Report of a Review of Information Handling Practices in the Serious Non Compliance Business Line of the Australian Taxation Office (2008), Attachment 9, 22.

[33] Australian Law Reform Commission, Review of Secrecy Laws, Issues Paper 34 (2008).

[34] Public Interest Advocacy Centre Ltd, Submission SR 38, 9 March 2009; Australian Press Council, Submission SR 16, 18 February 2009.

[35] Australian Press Council, Submission SR 16, 18 February 2009.

[36] Ibid.

[37] Australian Law Reform Commission, Review of Secrecy Laws, Discussion Paper 74 (2009), Proposal
15–1.

[38] Ibid, Proposal 15–2.

[39] Department of Health and Ageing, Submission SR 81, 28 August 2009; R Fraser, Submission SR 78, 21 August 2009; Indigenous Business Australia, Submission SR 64, 13 August 2009; Australian Taxation Office, Submission SR 55, 7 August 2009.

[40] Community and Public Sector Union, Submission SR 57, 7 August 2009; Civil Liberties Australia, Submission SR 47, 27 July 2009.

[41] Community and Public Sector Union, Submission SR 57, 7 August 2009.

[42] Public Interest Advocacy Centre Ltd, Submission SR 38, 9 March 2009.

[43] Civil Liberties Australia, Submission SR 47, 27 July 2009.

[44] Department of Human Services, Submission SR 83, 8 September 2009; Department of Health and Ageing, Submission SR 81, 28 August 2009; R Fraser, Submission SR 78, 21 August 2009; Indigenous Business Australia, Submission SR 64, 13 August 2009; Australian Taxation Office, Submission SR 55, 7 August 2009.

[45] Australian Press Council, Submission SR 62, 12 August 2009.

[46] Recommendation 12–4.

[47] Recommendation 15–3.

[48] Recommendation 15–4.

[49]Freedom of Information Act 1982 (Cth) s 3(1)(a).

[50] Exposure Draft, Freedom of Information Amendment (Reform) Bill 2009 (Cth) sch 1 cl 3.

[51] Recommendation 15–4.